{"api_version":"1","generated_at":"2026-04-23T04:21:43+00:00","cve":"CVE-2021-22205","urls":{"html":"https://cve.report/CVE-2021-22205","api":"https://cve.report/api/cve/CVE-2021-22205.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22205","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22205"},"summary":{"title":"CVE-2021-22205","description":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.","state":"PUBLIC","assigner":"cve@gitlab.com","published_at":"2021-04-23 18:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["CWE-94"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","name":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","refsource":"MISC","tags":[],"title":"GitLab Unauthenticated Remote ExifTool Command Injection ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","name":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","refsource":"MISC","tags":[],"title":"GitLab 13.10.2 Remote Code Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121","name":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121","refsource":"MISC","tags":[],"title":"Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json","name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json","refsource":"CONFIRM","tags":[],"title":"2021/CVE-2021-22205.json · master · 
GitLab.org / cves · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://hackerone.com/reports/1154542","name":"https://hackerone.com/reports/1154542","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22205","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22205","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Thanks vakzz for reporting this vulnerability through our HackerOne bug bounty program","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"22205","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22205","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gitlab","cpe5":"gitlab","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2021","cve_id":"22205","cve":"CVE-2021-22205","vendorProject":"GitLab","product":"Community and Enterprise Editions","vulnerabilityName":"GitLab Community and Enterprise Editions Remote Code Execution Vulnerability","dateAdded":"2021-11-03","shortDescription":"GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. 
Workhorse passes image file extensions through ExifTool, which improperly validates the image files.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2021-11-17","knownRansomwareCampaignUse":"Known","notes":"https://nvd.nist.gov/vuln/detail/CVE-2021-22205","cwes":"CWE-20,CWE-95","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2021","cve_id":"22205","cve":"CVE-2021-22205","epss":"0.944670000","percentile":"0.999960000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:17"},"legacy_qids":[{"cve":"CVE-2021-22205","qid":"375475","title":"GitLab Multiple Security Vulnerabilities(gitlab- 13-10-3)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22205","ASSIGNER":"cve@gitlab.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"GitLab","product":{"product_data":[{"product_name":"GitLab","version":{"version_data":[{"version_value":">=11.9, <13.8.8"},{"version_value":">=13.9, <13.9.6"},{"version_value":">=13.10, <13.10.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper control of generation of code ('code injection') in 
GitLab"}]}]},"references":{"reference_data":[{"name":"https://hackerone.com/reports/1154542","url":"https://hackerone.com/reports/1154542","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/327121","refsource":"MISC"},{"name":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json","refsource":"CONFIRM"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html","url":"http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html","url":"http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"}]},"description":{"description_data":[{"lang":"eng","value":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. 
GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution."}]},"impact":{"cvss":{"vectorString":"AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","version":"3.1","baseScore":10,"baseSeverity":"CRITICAL"}},"credit":[{"lang":"eng","value":"Thanks vakzz for reporting this vulnerability through our HackerOne bug bounty program"}]},"nvd":{"publishedDate":"2021-04-23 18:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["CWE-94"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.10.0","versionEndExcluding":"13.10.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.10.0","versionEndExcluding":"13.10.3","cpe_name":[]},{"vu
lnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"13.9.0","versionEndExcluding":"13.9.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"13.9.0","versionEndExcluding":"13.9.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"11.9.0","versionEndExcluding":"13.8.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.9.0","versionEndExcluding":"13.8.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22205","Ordinal":"196906","Title":"CVE-2021-22205","CVE":"CVE-2021-22205","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22205","Ordinal":"1","NoteData":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22205","Ordinal":"2","NoteData":"2021-04-23","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22205","Ordinal":"3","NoteData":"2021-11-17","Type":"Other","Title":"Modified"}]}}}